Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M (krebsonsecurity.com)

Posted by msmash on from the fool-me-once,-fool-me-twice dept.

Brian Krebs reports: Hackers used phishing emails to break into a Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. Now the financial institution is suing its insurance provider for refusing to fully cover the losses. According to a lawsuit filed last month in the Western District of Virginia, the first heist took place in late May 2016, after an employee at The National Bank of Blacksburg fell victim to a targeted phishing email. The email allowed the intruders to install malware on the victim's PC and to compromise a second computer at the bank that had access to the STAR Network, a system run by financial industry giant First Data that the bank uses to handle debit card transactions for customers. That second computer had the ability to manage National Bank customer accounts and their use of ATMs and bank cards.

70 comments

  1. Insurance didn't protect them by Anonymous Coward · · Score: 0

    Why bother with security or training when it is just cheaper to let the insurance or lawyers pay?

    Get 2FA physical tokens people.

    1. Re:Insurance didn't protect them by xxxJonBoyxxx · · Score: 4, Insightful

      I think they just found out that "cybersecurity insurance" is a joke: one missing patch or badly configured machine and your insurer will deny you. Remember, these are that same folks that manage medical insurance - you sure you want a bunch of "claim denied" messages when your IT systems go t**s up?

    2. Re:Insurance didn't protect them by Anonymous Coward · · Score: 1

      I think they just found out that "cybersecurity insurance" is a joke: one missing patch or badly configured machine and your insurer will deny you

      At some point, companies need to bear some responsibility for their shitty security. It's seldom just one patch, but companies who refuse to do what many of us consider basic security.

      you sure you want a bunch of "claim denied" messages when your IT systems go t**s up?

      When the owners of said IT systems refuse to (or are incompetent to) perform system admin and security, do you think the insurer should be paying for what is essentially self inflicted through being lazy/stupid/cheap?

      If they did that, companies would do even worse jobs at security, and just say "oh well, we've got shitty systems but the insurance will fix it".

      Because, really, you know some guy was standing in front of management saying "guys, we really need to do this because what we have is going to cause problems", and management basically said there was no money and to pretend it's all fine.

      Inept and cheap management is a huge problem when it comes to computer security. Why should an insurance company pay out for that?

    3. Re:Insurance didn't protect them by Anonymous Coward · · Score: 0

      Modding today so I'm an AC...

      FYSA - the "claim denied" bias from insurance companies is sometimes just a delay tactic. They know they are liable, but they are guessing that you may not and choose to pay instead of fighting. While you fight it they get to keep their money longer, so it's a win, win for them in the short term. Remember, "Time is money."

    4. Re:Insurance didn't protect them by bobstreo · · Score: 1

      I think they just found out that "cybersecurity insurance" is a joke: one missing patch or badly configured machine and your insurer will deny you. Remember, these are that same folks that manage medical insurance - you sure you want a bunch of "claim denied" messages when your IT systems go t**s up?

      I'm guessing they are being denied due to "preexisting conditions" Just like health insurance. /s

    5. Re:Insurance didn't protect them by Anonymous Coward · · Score: 0

      Consumers don''t have enough clout to convince a company to improve their cybersecurity. The government (at least the USA government) won't pass/enforce any laws to help.

      Insurance companies are the last hope. By denying claims because a company has bad security is exactly what needs to happen to convince companies to care about cybersecurity.

    6. Re:Insurance didn't protect them by hcs_$reboot · · Score: 1

      I think they just found out that "cybersecurity insurance" is a joke

      The problem is the insurance contract terms you sign, and the signer is the same guy who's in charge of IT security.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    7. Re:Insurance didn't protect them by Anonymous Coward · · Score: 0

      Because thats why they pay for insurance. Duh.

    8. Re:Insurance didn't protect them by bws111 · · Score: 4, Interesting

      This case has nothing to do with claims being denied. The bank has two types of coverage. The first is for 'computer and electronic fraud'. The coverage on that is $8M. That coverage explicitly EXCLUDES 'loses due to purported use of cards to obtain funds or credit'. It also explicity EXCLUDES 'loses from automatic mechanical devices which ... disburse money ...'.

      The second coverage they have is for 'debit card/ATM fraud'. The coverage on that is $250K.

      So what happened? The thieves, by phishing, got access to the computers and changed PINs, disabled fraud protection and daily limits, etc. They did not steal any money (wire transfers, etc). Then they went to 'hundreds of ATMs' and used fraudulent cards to get money.

      So which coverage applies? The insurance company says it was card/ATM fraud, here's your $250K. The bank says if it wasn't for the computer fraud there would have been no ATM fraud, so the higher coverage should apply.

      Interesting legal question, but hardly indicative that 'cybersecurity insurance is a joke'.

    9. Re:Insurance didn't protect them by Anonymous Coward · · Score: 0

      Changing settings is not fraud. Real fraud is using bogus cards to steal money or do a transfer.

      Staff education did not occur, and the oversight of star was less than stellar.
      Seems to me internal driven fraud has not got serious effective programs to detect it. Time to cancel all insurance policies. This is a small sortie before transfers go down.
      Add an account and wait - then boom.

    10. Re:Insurance didn't protect them by Miser · · Score: 1

      In that case, sounds like Microsoft (if they were running Windows) should be liable, eh?

      Sometimes you can't install a patch due to it fucking up existing software (that can't be patched).

  2. And what's worse... by magusxxx · · Score: 4, Funny

    ...the clerk never got that $100 Applebee's gift card.

    --
    Care killed the cat, but satisfaction brought it back.
  3. Red-headed stepchild. by Anonymous Coward · · Score: 0

    Maybe people should just stop using E-mail. It's more trouble than it's worth.

    1. Re:Red-headed stepchild. by xxxJonBoyxxx · · Score: 1

      Bill Clinton figured that out years ago. (https://blogs.wsj.com/washwire/2015/03/10/bill-clinton-still-doesnt-use-email/) His wife isn't quite as smart, but she was smart enough to wipe her email trail once she realized there might be something interesting in it.

    2. Re:Red-headed stepchild. by Luthair · · Score: 1

      I guess all other forms of communication too - companies have been convinced by "a creditor" calling them to "update" the account to send payment to.

  4. This is the new reality of banking security by Aurelfell · · Score: 5, Interesting

    It's no longer about preventing attacks from happening, but accepting that they are going to happen and hardening systems to minimize or eliminate theft and damage when they do. This might seem obvious to a lot of people in the tech industry, but it represents a major paradigm shift for banking.

    1. Re:This is the new reality of banking security by Anonymous Coward · · Score: 1

      How is this new? It was never about preventing attacks. Banks have been robbed since they were created. Losses have to be expected because some people are trash and there is no perfect security.

    2. Re:This is the new reality of banking security by Rick+Schumann · · Score: 3, Insightful

      It's no longer about preventing attacks from happening, but accepting that they are going to happen

      Bullshit. There's a word for what you're talking about: surrender. In 2018 people should be smarter and systems should be more secure, but for some reason they're not. This needs to be FIXED. Throwing up your hands and saying "Oh well, guess that's just the way it is!" is cowardly and idiotic in the extreme. If what you're saying was actually true then the only course of action anyone with an average IQ or above could logically take would be to pull all their money out of all accounts and keep it at home in a safe buried in the ground, or at least stashed in a safety deposit box at a bank, or similar hardened secure facility, and pay cash for everything, forever. Banks would fold, e-commerce would dry up and die, as we functionally went back to no later than the 1950's. It's bad enough that I see how many breaches of financial systems there are all the time and have had to personally resort to paying cash for everything I do in person (to reduce my overall exposure to risk) but to just give up is nonsense. We have to do better, we have to fix the security problems.

    3. Re:This is the new reality of banking security by Anonymous Coward · · Score: 0

      I, too, support radical depopulation of the planet.

      Where might I subscribe to your newsletter?

    4. Re:This is the new reality of banking security by Rick+Schumann · · Score: 1

      WTF?

    5. Re: This is the new reality of banking security by nitehawk214 · · Score: 2

      Exactly. Banks are lax on security because it isn't their money, and insurance will cover it. It's the same reason they are lax on investing and loans. Somebody will bail them out.

      If we started holding banks feet to the fire, this shit would end.

      Now I do have some sympathy for the banks. Security costs money, and consumers shop for banking products almost soley on fees and rates. Having a "security" fee on a bank statement just won't fly.

      Perhaps we can have security audit checks as a public record and something banks can advertise.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    6. Re: This is the new reality of banking security by Rick+Schumann · · Score: 1

      This is about more than banks. Like I said elsewhere: when the lights go out and stay out, water stops coming out of the taps, and everyones' bank accounts are drained, then suddenly everyone will care -- and it'll be TOO FUCKING LATE. Shit needs to be FIXED, NOW.

    7. Re: This is the new reality of banking security by Anonymous Coward · · Score: 0

      Exactly. Banks are lax on security because it isn't their money, and insurance will cover it.

      Then insurance gets real expensive. As in, insurance costs more than cyber bank robbers. As long as theft goes up, rates goes up too. Insurance companies always operate at a profit. If you're big enough, it therefore always pays to self-insure. Then, any security measure cheaper than robbery will be considered.

    8. Re:This is the new reality of banking security by Anonymous Coward · · Score: 0

      Rick Fuckin' Schumann!
      AIR GUITAR SOLO
      huh-yeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!!

    9. Re: This is the new reality of banking security by nnet · · Score: 1

      Then FIX it. Cure greed and avarice first. Quit expecting others to do it for you. YOU start the movement. OK?

    10. Re: This is the new reality of banking security by Rick+Schumann · · Score: 1

      I am starting it by opening a dialogue with people on the Internet about it.
      What the hell is your problem? Are you one of these people who just accepts whatever it is that's going on and doesn't care? Can't even be bothered to discuss what's going on?

    11. Re: This is the new reality of banking security by datavirtue · · Score: 1

      Or we could roll out 2FA. Jeaus fucking christ....why is it like pulling teeth to get it implemented these days? "We dont have the development cycles." I think Im going to punch someone in the throat if I hear the word "cycles" one more time.

      --
      I object to power without constructive purpose. --Spock
  5. Well duhhhhh... by Anonymous Coward · · Score: 0

    If you didn't secure your shit after the first hack.
    Why would anyone cover you for the second one 8 months later?

    Yall stupid. no insurance for you, fuck off.

  6. Twice?!?! by Major+Blud · · Score: 4, Insightful

    Now the financial institution is suing its insurance provider for refusing to fully cover the losses.

    Hack me once, shame on you, hack me twice, shame on me?

    Seriously, 8 months passed between the phishing incidents. That's plenty enough time to do a security audit and train your staff, and the insurance company knows that.

    --
    If you post as Anonymous Coward, don't expect a reply.
    1. Re:Twice?!?! by Opportunist · · Score: 1

      Could someone with mod points hand that guy some? This sums up the situation pretty accurately.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Twice?!?! by Anonymous Coward · · Score: 0

      Now the financial institution is suing its insurance provider for refusing to fully cover the losses.

      A core business of the bank is to protect the money in its accounts. If they felt the need for insurance, that is implying that they are not confident in their ability to protect that money. You cannot allow rampant malfeasance in your company and then just insure against it. Insurance generally stipulates that reasonable measures are taken to protect yourself. Reasonable measures for a bank, a high value target, is generally gong to be defined as a higher standard than a home.

    3. Re:Twice?!?! by Ichijo · · Score: 1

      Seriously, 8 months passed between the phishing incidents. That's plenty enough time to do a security audit and train your staff, and the insurance company knows that.

      So the insurance company accepted the premiums knowing they wouldn't have to pay for any loss caused by a security breach? Isn't that fraud?

      --
      Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
    4. Re:Twice?!?! by Major+Blud · · Score: 1

      Maybe, maybe not. It depends on what the contract requirements are.....system update frequency, external security audits, etc. I doubt we're going to be able to find the text of said contract until it goes on record at trial.

      --
      If you post as Anonymous Coward, don't expect a reply.
    5. Re:Twice?!?! by bws111 · · Score: 1

      You could just read TFA and see what the real issue is.

      The bank has two types of coverage. The first is for 'computer and electronic crime'. The limit on that coverage is $8M. That coverage specificially excludes 'automated mechanical devices which ... disburse money ...'. as well as 'the purported use of cards to obtain funds or credit'.

      The second coverage is a 'debit card rider' covering against ATM and debit card fraud. The limit on that coverage is $250K.

      The insurance company says that since the theft was through ATMs, the second coverage is in effect, and the first is not (it has been excluded). The bank says that if it weren't for the 'hacking' on their computers the ATMs would have worked properly and therefore the first coverage should be in effect.

      In either case there is certainly no 'fraud', just a disagreement about which coverage should apply.

    6. Re:Twice?!?! by bws111 · · Score: 1

      The relevant parts of the contract are in TFA. It has nothing to do with any security measures or anything like that. The question is: which coverage applies? Was it 'computer fraud', which has a limit of $8M. Or was it 'debit card/ATM fraud', which has a limit of $250K. The bank says it was the first, the insurance company says it was the second.

    7. Re:Twice?!?! by Major+Blud · · Score: 1

      Thanks, I didn't get that far into the article (TL;DR). It is an interesting question, was an ATM or debit card ever used at any point? If not, I'd have to side with "computer fraud".

      --
      If you post as Anonymous Coward, don't expect a reply.
    8. Re:Twice?!?! by bws111 · · Score: 1

      Yes, ATMs were how they got the money. The used the computer access to alter PINs, disable daily limits, etc, then used 'hundreds' of ATMs around the country to withdraw money.

    9. Re:Twice?!?! by terrycarlino · · Score: 1

      I expect that question will have to be answered by a court. Unless of course it looks like the insurance company will lose, then they will settle so there is no legal precedent set.

  7. This is the new reality of going out of business. by Anonymous Coward · · Score: 0

    Going out of business takes away things to lose and destroy, so it's pretty effective at conveying the importance of doing things right the first time to the survivors.

  8. this is how nubs lose they dcaa certs by Anonymous Coward · · Score: 0

    Every computer in your organization has USB enabled? Interesting, interesting indeed. Reminds me of times when one could just distribute free music disks near the bull and the whole Wall Street would listen...

  9. Physically Segment Your Networks by Luthair · · Score: 2

    Sony, Home Depot, and a number of others have been compromised because they failed to separate what should be secure systems from the rest of their infrastructure. This behaviour is blatantly negligent.

    1. Re:Physically Segment Your Networks by Anonymous Coward · · Score: 0

      Sony, Home Depot, and a number of others have been compromised because they failed to separate what should be secure systems from the rest of their infrastructure. This behaviour is blatantly negligent.

      so what you are saying is that it's just stupid for companies to allow people om the internet to be able to make purchases and such. Any ability to connect to internal systems should not be allowed.

    2. Re:Physically Segment Your Networks by zlives · · Score: 1

      especially when there are tools already available to segregate networks at application level.

  10. Dumb People Breached Virginia Bank Twice by Anonymous Coward · · Score: 0

    Let's get something straight. Phishing emails are not hacking. And the stupids who fall for them are the ones responsible for all of this. People can't be trusted with their own security and do not have the skills to discern phishing attempts from customer service emails. We're fucked.

  11. Wait a bit more by hcs_$reboot · · Score: 2

    Things always go in threes.

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  12. Re:No, msmash, krebs is not a reputable source by Anonymous Coward · · Score: 0

    What exactly is wrong with kerbs? I mean besides you obviously don't like them. Considering it was that blog that broke the story...

    Here is another article but point to kerbs as the source.. aren't we always complaining that the editors don't go to the source?

    https://www.finextra.com/newsarticle/32435/bank-hacked-twice-in-a-year-sues-insurer

    It doesn't look like the major news sites have picked up this story yet, so I am not sure what you want here... With the pdfs for the lawsuit being linked on kerbs, it certainly doesn't look like he made it up.... So why the hate on kerbs there sluggo?

    I can tell you working in the bank IT industry that we are watching this situation.

  13. Re:fucking idiot by HornWumpus · · Score: 1

    Google has not been phished. That is not the same as not attacked or owned in some other way.

    But yeah, they clearly fucked up.

    With ubiquitous smartphones. I'm back to don't connect your work network to the internet, at all, for 90-99%% of staff. The rest get in through dedicated machines on a dedicated network, which are scanned for changes (which are logged) then reimaged, nightly.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  14. Security company working with insurance here. Fire by raymorris · · Score: 5, Interesting

    You may have had experience related to insurance and the fire code. Someone may have walked through your office building doing a fire inspection, looking for things like power strips plugged into other power strips, which are in turn plugged into another power strip. That fire inspection was likely done for insurance reasons. The insurance companies created the National Fire Protection Association, which writes the fire codes, and also created Underwriters Laboratories (UL), which does fire testing and allows it's logo to be put on tested products. You've certainly seen products that are UL listed, UL registered, and UL certified. These are some of the ways that insurance companies encourage fire safety.

    If you don't comply with fire code, if you're using electrical appliances that aren't UL listed or better, the insurance company will start taking actions that encourage safety compliance. That can range from simply issuing a recommendation to raising your rates until you comply, and even saying "if this problem isn't fixed within three months, we will no longer cover you for electrical fires". The insurance company analyzes the risks and sets rates and other conditions appropriate for the level of risk.

    My company, which does cybersecurity, is working with insurance companies to rate cyber risk the same way the rate fire risk. A company's rates will depend on what safeguards they have in place. Take Windows updates for example. If you roll out all Windows updates within 24 hours of release, you'll get the best rate. Roll them out within 2 weeks and you'll get a middle rate. Have XP servers exposed to the internet? The insurance company will probably give you 60 days to fix that, or you're no longer covered for certain things. It's not an all or nothing thing. We deliver a big report, it can be over 100 pages. Each thing in the report can increase or decrease the rate they pay for insurance, or cause the insurance company to not cover certain things until they get fixed.

    Here they had a huge loss due to phishing. When paying out that first phishing claim, the insurance company probably said "we don't want this to happen again. In order to be covered for future phishing, you need to reduce your risk by doing x, y, and z". Sure enough 8 months later, another huge loss due to phishing. The bank probably didn't put proper measures in place to mitigate the risk.

    One way to reduce phishing risk is for corporate security to send out a "phishing" email about once per month. Employees who click the link see a page reminding them about phishing. Employees who click the "report this email" button in Outlook get a smiley acknowledgement that they did the right thing.

  15. 2018: People are still this gods-be-damned stupid by Rick+Schumann · · Score: 1

    You know, Slashdotters, some time ago I started thinking that people were getting dumber as a whole over time instead of smarter, and I said so.
    Then some time passed, and I came to another, worse realization: People have always been dumb, it's just that I'm starting to really notice it more now.

    Memo to all businesses: YOU HAVE TO DO BETTER WITH THIS SHIT ONE WAY OR ANOTHER!
    The current state of computer system security, all over the world so far as I can tell, is dismal. So far as I can tell from what I read and hear: criminal organizations, cyber-enabled terrorist organizations, cyber-operatives for foreign governments/foreign military, already have the ways and means to hack their way into any systems they choose, including critical infrastructure, government, and military systems; they're all just waiting for orders to attack. All the successful attacks you hear about every week? Those are just practice runs and small-time operations for pocket money and proofs-of-concept. Furthermore, as-is, anyone with a smartphone or 'IoT' devices, Internet-facing NAT routers, etc, are just as likely as not to already be part of someones' bot-net, even if the code is sitting dormant on it for now, waiting for commands from their C&C servers.

    So the question is:How do we fix all this? Failure is NOT AN OPTION.

  16. Re:2018: People are still this gods-be-damned stup by hcs_$reboot · · Score: 1

    Sony proved that it's more cost effective to be hacked a few times than hire numerous competent people to make strong systems [ didn't say they did it on purpose though, do not attribute to malice that which is equally explained by incompetence ].

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  17. Re:2018: People are still this gods-be-damned stup by Rick+Schumann · · Score: 1

    You're being sarcastic, but sure, let's see how 'cost effective' flies with everyone when power plants blow themselves up, there' no water coming out of the tap, and everyones' bank accounts are drained, all at the same time.

  18. Re:2018: People are still this gods-be-damned stup by Rick+Schumann · · Score: 1

    FOLLOW-UP: https://politics.slashdot.org/... Should we start a betting pool? How about a doomsday clock? Shit needs to be fixed NOW.

  19. Re:2018: People are still this gods-be-damned stup by Anonymous Coward · · Score: 1

    Failure is NOT AN OPTION.

    Dude, seriously?

    At the corporate level, failure is always an option ... even if the idiots in management are incapable of seeing it.

    And when it comes to security of devices, failure in terms of security is almost always a given, because companies want to push out incomplete products as soon as they can. And I assure you, the security isn't the first thing they do.

    The reason you hear about this every week is precisely because failure is not just an option, it's apparently a preferred outcome as long as the vendor gets paid for their shitty product with terrible security.

  20. Illiterate IT People by chill · · Score: 3, Insightful

    Part of the problem, if judging by the existing 41 comments here on Slashdot, is IT people either *can't* or *won't* read. All y'all are bitching about an insurance company denying the claim, etc.

    They didn't deny the claim! There are *two* policy riders possibly that cover situation and the insurance company is claiming the one with the $250,000 cap is the one that applies -- so paid that one.

    It is an interesting *legal* situation, but totally not at all what the slashmob is whining about.

    --
    Learning HOW to think is more important than learning WHAT to think.
  21. Better: Stop using MS products by Kludge · · Score: 2

    FTFA: "the 2017 breach was embedded in a booby-trapped Microsoft Word document."
    Unfortunately most people are too dumb to dump MS, and crackers will continue to win.

  22. They cashed the premium check. by Anonymous Coward · · Score: 0

    That is DEFACTO affirmation that they accepted the risk.

    1. Re:They cashed the premium check. by bws111 · · Score: 1

      I take it you have never actually read an insurance policy? There are quite often requirements and responsibilities on the insured. Failure to meet those responsibilities means that claims may be denied. There is no such thing as 'DEFACTO affirmation that they accepted the risk'.

  23. Cheapest is to not have incidents by raymorris · · Score: 1

    The best case for the insurance company is that claims aren't filed, and they don't have to do investigations or pay lawyers, they just collect premiums and use about 10% of that on compilance measures. It's not only cheaper for them to not have to deal with claims, but fewer $100 million claims means their risk is lower, their quarterly numbers are more predictable. That's good for them overall, and reduces their rate for re-insurance (the insurance that is purchased by insurance companies).

  24. Re:2018: People are still this gods-be-damned stup by Rick+Schumann · · Score: 1

    Let's see how they feel about 'failure being an option' when they're dragged by their feet out into the street and introduced to Monsieur Guillotine.

  25. @ least I'm not EATING MY WORDS (you are) by Anonymous Coward · · Score: 0

    See subject & your BLUNDER you could IMITATE my program in 1 afternoon (+ stealing unique methods I use in it) https://linux.slashdot.org/com...

    * Unbelievable...

    (How LONG has it been now you've been either STALKING me by UNIDENTIFIABLE anonymous posts OR IMPERSONATING me ala https://politics.slashdot.org/... ?)

    APK

    P.S.=> Grow up & get OVER your "butthurt" (I must've severely embarassed you @ some point - I rarely IF EVER 'start it' but I do finish it - letting "your kind" FINISH THEMSELVES off as you did in the link example above - your kind (probably ONLY YOU imo) do it to yourselves)... apk

  26. HAHA by Anonymous Coward · · Score: 0

    Fuck banks and their brain dead people !

    They should buy brain-dead computers from Apple, rumor has it it was also designed for brain-dead work LOADS !

    GIVE UP BANKS.

    You not suited for tomorrows hi-tech IT reality.

  27. return burglars by Anonymous Coward · · Score: 0

    In the mid-1980's the place I worked at was burglarized. They took things like typewriters. (Uh, 1980's...).
    A few weeks later that came back stole the New typewriters.
    When the second theft was reported to the police, a policeman told someone at the company. "Oh yeah. They do that." Come back for seconds.
    Around 2013 one of my friend's home was burglarized. Computers, flat screen tv, etc. A few weeks later they came back for seconds, stealing the new stuff. A policeman told them. "Oh yeah. They do that." Come back for seconds.
    Same police department.

  28. Cheap by Anonymous Coward · · Score: 0

    Too bad banks are too cheap to invest in computer security and training. But let's sue the insurance company to get our money back! Haha. That's funny.

    1. Re: Cheap by datavirtue · · Score: 1

      You always have to spawn a mitigating course of action so the ceo forgets about wanting to fire you. Welcome to banking catastrophy mitigation 101. Banking is a special kind of epic fail. With something so serious you get to see how competent hjmans really are. They plan til the cows come home and shit always still goes sideways.

      --
      I object to power without constructive purpose. --Spock
  29. With Zero-Day Discoveries Being Found All The Time by Gnostic+Teflon · · Score: 1

    With Zero-Day discoveries being found all the time, any evil computer science genius can screw the systems six ways to Sunday.
    What's needed is hard backups and system analysis software to alert the CT people that something strange is happening. We've given the whole world the keys to the treasure chest.

  30. +1 by Anonymous Coward · · Score: 0

    You know, I give you a lot of shit. But I take it back, you're ok.